Source | Azure Portal
Display name | Microsoft Managed Control 1748 - Security Authorization Process
Id | 4f3b7f51-9620-4c71-b887-48a6838c68b8
Version | 1.0.0
Versioning | Versions supported for Versioning: 0 Built-in Versioning [Preview]
Category | Regulatory Compliance
Description | Microsoft implements this Program Management control
Additional metadata |
Name/Id: ACF1748 / Microsoft Managed Control 1748
Category: Program Management
Title: Security Authorization Process - Security Authorization/Risk Management Integration
Ownership: Customer, Microsoft
Description: The organization: Fully integrates the security authorization processes into an organization-wide risk management program.
Requirements: The Azure Security Assessment and Authorization (A&A) SOP defines requirements as identified in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Federal Information Systems and Organizations. The SOP provides Azure services engineering employees and contractors with security responsibilities and other information technology (IT) personnel involved in security assessment and authorization with the specific procedures to follow for implementing the function for the systems under their purview. Azure shall communicate and publish all policies and procedures to a central repository (i.e. Azure Compliance SharePoint portal), and they should be accessible to all staff. Review of policies and procedures for information security and privacy is performed annually by the Azure Compliance and Privacy teams. Supporting documentation of the review is retained showing evidence of the review being completed and that reviewer’s changes align with the new version of the SOP. The purpose of this document is to enable engineers and operations to understand the security assessment and authorization requirements and the options available to fulfill them. The document also directs readers to additional engineering guidance and resources for services that want to onboard to the standardized and centralized implementations for meeting these requirements.
Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups
Compliance | Not a Compliance control
Initiatives usage | none
History |
JSON compare | n/a
JSON |